
Beginning with its Trustworthy Computing framework spearheaded by Bill Gates in 2002, Microsoft’s efforts in security have come a long way, from changing the way it develops software across the product development cycle to the formation of the Enterprise Cybersecurity Group (ECG) in 2015.

In this interview, Computer Weekly APAC editor Aaron Tan speaks to Eric Lam, Microsoft’s Asia director for ECG, who talks up the pain points that chief information security officers (CISOs) are facing and what Microsoft is doing to address pressing cyber security challenges.

Tan: It has been around three years since the ECG was formed. How has the group helped enterprises in Asia-Pacific improve their security posture so far?

Lam: We have been helping customers understand how security is built into Microsoft’s products and services, and that’s important because there’s still an obsession around best-of-breed security products to mitigate security risks. This approach will be less effective over time, given the scale and volume of cyber security incidents we’re seeing today.

In Asia-Pacific, we are a team of cyber security specialists who serve as trusted advisors to our customers who want to get the most value out of their Microsoft products and services from a security perspective.

This may include areas such as threat protection, which covers endpoints, servers and right into the cloud. Putting in place a comprehensive threat protection strategy is a challenge for customers, and Microsoft has the ability to help them with that because we have security expertise across all those layers.

Take malware, for example. When it comes in through an e-mail attachment or link, it could infect one or two machines and start spreading. But today, we have built in detection and response capabilities into Windows 10, through Windows Defender AV for endpoint protection.

After some inspection and investigation, we’ll find out what’s going on and help customers protect other endpoints. This way, we can limit the impact of unknown malware to just a few devices.

Because Windows Defender ATP is a cloud service, we’re able to send information about the malware and infected emails to Microsoft Office, which can then quarantine the malware. This level of response, automation and integration is extremely difficult to execute if you have half a dozen security products across your IT stack.

Tan: You meet a lot of CISOs – what would you say are their biggest challenges?

Lam: With the risk of reputational damage and potential loss of jobs in the event of a cyber attack, CISOs face the challenge of navigating the complex cyber security landscape.

A large organisation may need more than 100 security technologies to protect their environment. If they can reduce that complexity, their jobs will be a lot easier, because they wouldn’t have to worry about having too many systems to manage. Getting multiple alerts won’t help either if their security systems are not integrated.

Tan: At Black Hat Asia last year, cyber security experts called for the software industry to do more to plug the vulnerabilities in their products. In the physical world, we don’t accept cars with defects but we seem to have accepted defective software. What are your thoughts?

Lam: I would say that a lot has been done to make sure software is as robust and resilient as it can be. For example, Windows 10 is vastly superior to earlier versions of the operating system. In fact, Windows 10 was built from the ground up.

That said, the software we have today is never going to be perfect, but it is very much improved. Anyone who is already using Windows 10 will attest to that.

In general, I agree we need to have better software with fewer bugs and vulnerabilities. We have also done a lot of work to protect Microsoft’s cloud infrastructure and services, products and devices, and our own corporate resources.

Tan: Can you provide examples of what that work entails, say, red teaming or penetration testing?

Lam: Microsoft runs a Cyber Defense Operations Center (CDOC) in the US, which is more than a security operations centre. At CDOC, we have in-house teams that do threat hunting and red-blue teaming exercises.

At Microsoft, we fundamentally believe that a breach has occurred and that we will get attacked sooner or later. With that mindset, we don’t rely just on protection. We’re also vigilant in detecting threats so we can reduce the window for attackers to get into our systems.

If they break our defences, we want to catch them in the act and immediately respond to attacks. Our global incident response teams also provide services for some of our key customers in the event of a breach or attack.

Tan: What are your thoughts on the state of cyber security in the APAC region?

Lam: With attacks intensifying, organisations need to do a lot more to become resilient. As they move to the cloud or plan to do so, they will also have to look at securing their infrastructure on the cloud.

The good news is the level of security provided by the cloud can be higher than what an organisation can provide – a point that was also made by David Gledhill of DBS Bank, one of our customers in Singapore.

Lam: When you move to the cloud, you’re not handing off everything to the cloud provider. Employees accessing cloud applications and services still need to adopt best practices. Security incidents often arise because of human error and behaviour, so there’s no substitute for good end-user education.


Tan: Do you think the growing complexity of managing hybrid IT environments – where staff may not be fully conversant with cloud technologies – contributes to the security problem?

Lam: You nailed it. It is complexity, and it gets more complex for IT operations and security teams to manage as organisations get larger. But with built-in security, they won’t have the burden of managing multiple complicated technologies. If they use Office 365, for example, we will identify malicious links and detonate them in a sandbox.

This will ensure employees won’t click on them out of curiosity. If their identities have been compromised, we can detect if someone is trying to log in using their accounts through threat analytics. We take that kind of complexity away from the IT operations folks, enabling organisations to become more secure.

Tan: Much of the security efforts you’ve shared apply to Windows-based workloads and customers who use Microsoft software. What about Linux which forms the majority of Azure Marketplace workloads?

Lam: A large proportion of the compute power in our datacentres is running Linux. That wasn’t the case in the past, but we have transformed. Customers using our cloud platform can leverage security technologies from our partners and third parties to protect their cloud assets. And they can manage all of that using the Azure Security Center, a single platform that offers a central console to manage their cloud presence.
